Hello nirmalsingh1 and Welcome to WebmasterWorld [webmasterworld.com]

You should be able to tell whether this is human or bot traffic by looking at your access logs. If your site is hosted where CPanel is available, even their cursory tools can generally tell whether it is human or not. Especially since you mention removing ads, look for the Google Media Partners bot, I have see them add a crazy amount of traffic that is definitely not human but can appear to be real traffic with some statistical or analytic tools. The giveaway is the UA.

In the past it was always pretty easy to identify bots, but some of the newest most-advanced bots are better at faking human visitations.
Just offhand I can think of a few clues to look for:
-- Most bots don't download images.
-- Hardly any bots download favicons.
-- Most bots don't execute statcounter scripts. (I don't use analytics on my sites, but I've read that some bots can trick it.)
-- Legitimate bots often visit a sequence multiple pages, but I doubt that most click bots do.
-- Even if the suspect bots come from many different IPs, they probably aren't legitimate if they all have the same UA, or a small set of UAs.

There may be other clues that I can't remember at the moment.

Where's Lucy? She knows more about this than I do.

She knows more about this than I do.

In about two months' time I am hoping to know a little more, because my to-do list for a site that went HTTPS late last year now includes:
-- look very carefully at apparently-human refererless requests for the root that are still coming in on the HTTP side. I'm starting to form a suspicion that these are not actually human, since almost no humans bother with the root at all.

I suspect, but haven't researched it, that one reason robots don't request the favicon is that, unlike images and so on, on most sites it isn't explicitly named in the <head>. Instead, browsers on their own initiative know enough to ask for example.com/favicon.ico. Humanoid robots, meanwhile, will request only things they find explicitly linked.

My analytics code lives on a different site, so some to-all-appearances-human visitors won't execute it. This may be robots not acting on scripts--but it may equally well be humans who for security reasons don't request php files that don't live on the site being visited.

Interesting topic ... I've noticed an increase of this kind of traffic over this year. I take no "action" if the traffic lasts no longer than 30 days (and IPs can be definitely identified), then slap a 403 to make it go away.

Other items taken into consideration is pages sought, images or not, css or favicon requested, etc.

I used to spend a fair amount of time checking my logs for bad bots and blocking them. But no matter how many you block, new ones keep appearing. Also, it's not an enjoyable way to spend your time. So I don't worry about it anymore, unless by chance I happen to notice something that especially annoys me.

Of course I don't have any ads on my sites, but if I did, I suppose I would have to watch out for clickbots or fraudulent human clicks. Except I understand that google has their own system for detecting fraudulent click activity.

So I don't worry about it anymore, unless by chance I happen to notice something that especially annoys me.

Same here ... then again I do keep an eye on things and bad behavior is easier to spot post filter(ing).